Differences
This shows you the differences between two versions of the page.
omv6:omv6_plugins:wireguard [2023/08/22 15:15] – [Point by point. Firewall configuration using iptables.] chente | omv6:omv6_plugins:wireguard [2024/04/27 17:30] (current) – chente | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | {{indexmenu_n> | ||
\\ | \\ | ||
+ | < | ||
+ | < | ||
+ | < | ||
< | < | ||
Line 13: | Line 17: | ||
===== Summary ===== | ===== Summary ===== | ||
+ | * The main purpose of Wireguard is to facilitate the connection of two devices over the Internet securely. | ||
* Openmediavault-wireguard integrates into the OMV interface trough the Tunnels and Clients tabs the ability to generate one or more point-to-site encrypted VPN Wireguard connection networks with two clicks. | * Openmediavault-wireguard integrates into the OMV interface trough the Tunnels and Clients tabs the ability to generate one or more point-to-site encrypted VPN Wireguard connection networks with two clicks. | ||
* Wireguard' | * Wireguard' | ||
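Review bot: The added first Summary bullet says Wireguard connects "two devices", while the following bullet describes point-to-site networks built from the Tunnels and Clients tabs, which implies several clients per tunnel. Suggest rewording the new bullet so the two agree, for example by describing it as connecting remote devices to the server securely over the Internet.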
Line 133: | Line 138: | ||
* **Client number** It must not coincide with that of other clients. | * **Client number** It must not coincide with that of other clients. | ||
* **Tunnel number** You must assign the client to one of the previously created tunnels. | * **Tunnel number** You must assign the client to one of the previously created tunnels. | ||
- | * **Name** You can name the client to identify it later. | + | * **Name** You can name the client to identify it later. |
+ | * **Restrict** button. The default setting is to leave it unchecked, this will set AllowedIPs to 0.0.0.0/0 and all traffic will be routed through the tunnel. If you press it, only traffic directed to the wireguard network will be routed. To access the server services you must write the IP of the server, if the tunnel is number 1 the IP will be 10.192.1.254, | ||
+ | * **Persistent Keepalive** The default setting is to leave it blank. In some cases it may be necessary to set a value here to keep the connection active. A suitable value is usually 25 (Every 25 seconds the client will send a packet to the server). | ||
+ | * **DNS Servers** The default setting is to leave it blank. In some cases it may be necessary to establish a DNS server for the client to communicate correctly on the local network. The usual thing will be to establish the IP of the router. The menu will show the existing value in resolv.conf in case you want to copy it to the field on the right. | ||
* Click **Save**. At this point, if you have already activated the tunnel and the client, the connection will be up and running. | * Click **Save**. At this point, if you have already activated the tunnel and the client, the connection will be up and running. | ||
* By pressing the button **Client Config** you can see the client configuration file, you can copy and paste the text in a file to configure the connection in the client. If you do it this way, add the ending " | * By pressing the button **Client Config** you can see the client configuration file, you can copy and paste the text in a file to configure the connection in the client. If you do it this way, add the ending " | ||
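Review bot: The added **Restrict** and **DNS Servers** bullets do not document how the two options combine. Restrict is described as routing only traffic directed to the wireguard network, while DNS Servers recommends entering the IP of the router, which is normally a LAN address and not part of that network, so a client set up with both would not reach that DNS server through the tunnel. Suggest one sentence on which DNS value to use when Restrict is enabled, and a statement in the Restrict bullet that all other client traffic then travels outside the tunnel. The Restrict bullet also mixes "leave it unchecked" with "If you press it" for the same control; one wording should be used throughout.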
Line 517: | Line 525: | ||
* If you are testing the connection from a device connected to the same network by Wi-Fi or cable it will not work, disconnect from this network. For example, with a smartphone, disable Wi-Fi and connect to the internet with a mobile data connection. | * If you are testing the connection from a device connected to the same network by Wi-Fi or cable it will not work, disconnect from this network. For example, with a smartphone, disable Wi-Fi and connect to the internet with a mobile data connection. | ||
- | * Make sure your public IP is reachable on the internet. Look on your router for the public IP you are using. Compare that IP with the one that appears on any site of the whatismyip type. If they are different your network is not reachable. Check with your ISP if you are inside CGNAT. | + | * Make sure your public IP is reachable on the internet. Look on your router for the public IP you are using. Compare that IP with the one that appears on any site of the whatismyip type, for example [[https:// |
* Check that your domain points to your public IP. Type your domain on this site [[https:// | * Check that your domain points to your public IP. Type your domain on this site [[https:// | ||
* Make sure that you have established a tunnel with the default values and check the operation. Once verified, proceed to make the customizations. | * Make sure that you have established a tunnel with the default values and check the operation. Once verified, proceed to make the customizations. | ||
Line 523: | Line 531: | ||
---- | ---- | ||
+ | === The connection works, I receive data, but I cannot access the network === | ||
+ | |||
+ | Set the value '' | ||
+ | |||
+ | ---- | ||
+ | |||
+ | === I have set the same settings on the smartphone and the laptop and it only works on one === | ||
+ | |||
+ | If you need two accesses from two or more clients, you must configure a different connection for each client. If you establish the same configuration on different clients, only one of them will work, they will never work simultaneously. | ||
+ | |||
+ | ---- | ||
+ | |||
+ | === I can't access my shared folders === | ||
+ | |||
+ | Sometimes domain name resolution may not work. If this is the case, try accessing through your server' | ||
+ | |||
+ | ---- | ||
+ | |||
+ | === I can't access the internet from my client === | ||
+ | |||
+ | If you can access your local network from the client but cannot access the internet, try splitting the tunnel traffic. Connections directed to your local network would go through the Wireguard tunnel, the rest of the connections would go through your smartphone' | ||
+ | |||
+ | * In the client configuration replace the line '' | ||
+ | |||
+ | ---- | ||
===== Source Code ===== | ===== Source Code ===== | ||
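Review bot: The added section "I have set the same settings on the smartphone and the laptop and it only works on one" gives the symptom but not the reason, and leaves out the security consequence. A client configuration holds that client's private key and tunnel address, so copying it to a second device makes both devices present themselves as the same peer, and withdrawing access from one of them later means replacing the configuration on both. Suggest adding that explanation and pointing back to the Clients tab steps for creating one client per device. In "I can't access the internet from my client", it would also help to say that connections sent outside the tunnel are not protected by Wireguard, and to relate this manual edit to the **Restrict** option added at Line 138 of the same revision.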